public FederatedClientCredentials GetFederatedCredentialsForDelegation(ExternalAuthentication extAuth) { this.UpdateCrossPremiseStatus(); if ((!this.isArchiveCrossPremise || !this.isCrossPremiseArchiveEnabled) && !this.isMailboxCrossPremise) { throw new InvalidOperationException("This is not an enabled remote mailbox."); } if (this.xropTokenRequest == null) { throw new InvalidOperationException("We shouldn't be requesting DelegationTokenRequest for misconfigured remote mailbox properties."); } FedOrgCredentials organizationCredentials = new FedOrgCredentials(this.xropTokenRequest, extAuth.GetSecurityTokenService(this.adUser.OrganizationId)); return(new FederatedClientCredentials(this.xropUserFederatedIdentity, this.xropUserEmailAddress, organizationCredentials)); }
protected virtual bool TryGetExchangeRpcUrlFromAutodiscoverSettings(SmtpAddress remoteIdentity, SecurityTokenService securityTokenService, DelegationTokenRequest autoDiscoveryTokenRequest, Uri autoDiscoveryEndpoint, out Uri exchangeRpcUrl) { exchangeRpcUrl = null; FedOrgCredentials credentials = new FedOrgCredentials(autoDiscoveryTokenRequest, securityTokenService); bool result; using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, this.storeSession.MailboxOwner.MailboxInfo.OrganizationId.ToADSessionSettings(), 250, "TryGetExchangeRpcUrlFromAutodiscoverSettings", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\ExchangePrincipal\\RemoteMailboxProperties.cs"), credentials, remoteIdentity, autoDiscoveryEndpoint, RemoteMailboxProperties.AutodiscoveryRequestedSettings)) { autoDiscoverUserSettingsClient.AnchorMailbox = this.storeSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString(); UserSettings userSettings = autoDiscoverUserSettingsClient.Discover(); StringSetting stringSetting = userSettings.GetSetting(RemoteMailboxProperties.AutodiscoveryRequestedSettings[0]) as StringSetting; result = (stringSetting != null && Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out exchangeRpcUrl)); } return(result); }
private void Discover(ExchangePrincipal principal, ADUser executingUser, out string ewsEndpoint, out DelegationTokenRequest ewsTokenRequest) { SmtpAddress value = principal.MailboxInfo.RemoteIdentity.Value; ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(OrganizationId.ForestWideOrgId); IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(null, true, ConsistencyMode.FullyConsistent, null, sessionSettings, ConfigScopes.TenantSubTree, 168, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs"); ADUser aduser = null; TransportConfigContainer transportConfigContainer = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(true, ConsistencyMode.IgnoreInvalid, sessionSettings, 171, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs").FindSingletonConfigurationObject <TransportConfigContainer>(); if (transportConfigContainer != null && transportConfigContainer.OrganizationFederatedMailbox != SmtpAddress.NullReversePath) { SmtpAddress organizationFederatedMailbox = transportConfigContainer.OrganizationFederatedMailbox; ProxyAddress proxyAddress = null; try { proxyAddress = ProxyAddress.Parse(organizationFederatedMailbox.ToString()); } catch (ArgumentException ex) { ExTraceGlobals.SessionTracer.TraceError <string>((long)this.GetHashCode(), "Proxy address of organization federated mailbox is invalid: {0}", ex.ToString()); } if (proxyAddress != null && !(proxyAddress is InvalidProxyAddress)) { aduser = (tenantOrRootOrgRecipientSession.FindByProxyAddress(proxyAddress) as ADUser); } } OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(OrganizationId.ForestWideOrgId); OrganizationRelationship organizationRelationship = organizationIdCacheValue.GetOrganizationRelationship(value.Domain); if (aduser == null || organizationRelationship == null) { throw new OrganizationNotFederatedException(); } DelegationTokenRequest request = new DelegationTokenRequest { FederatedIdentity = aduser.GetFederatedIdentity(), EmailAddress = aduser.GetFederatedSmtpAddress().ToString(), Target = organizationRelationship.GetTokenTarget(), Offer = Offer.Autodiscover }; FedOrgCredentials credentials = new FedOrgCredentials(request, this.GetSecurityTokenService(aduser.OrganizationId)); Uri uri = null; using (AutoDiscoverUserSettingsClient autoDiscoverUserSettingsClient = AutoDiscoverUserSettingsClient.CreateInstance(DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 215, "Discover", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\Search\\MailboxSearch\\MailboxSearchEwsClient.cs"), credentials, value, organizationRelationship.TargetAutodiscoverEpr, MailboxSearchEwsClient.AutoDiscoverRequestedSettings)) { UserSettings userSettings = autoDiscoverUserSettingsClient.Discover(); StringSetting stringSetting = userSettings.GetSetting("ExternalEwsUrl") as StringSetting; if (stringSetting == null || !Uri.TryCreate(stringSetting.Value, UriKind.Absolute, out uri)) { throw new AutoDAccessException(ServerStrings.AutoDRequestFailed); } } ewsEndpoint = EwsWsSecurityUrl.Fix(uri.ToString()); string text = null; if (executingUser.EmailAddresses != null && executingUser.EmailAddresses.Count > 0) { List <string> federatedEmailAddresses = executingUser.GetFederatedEmailAddresses(); if (federatedEmailAddresses != null && federatedEmailAddresses.Count > 0) { text = federatedEmailAddresses[0]; } } if (string.IsNullOrEmpty(text)) { ewsTokenRequest = new DelegationTokenRequest { FederatedIdentity = aduser.GetFederatedIdentity(), EmailAddress = aduser.GetFederatedSmtpAddress().ToString(), Target = organizationRelationship.GetTokenTarget(), Offer = Offer.MailboxSearch }; return; } ewsTokenRequest = new DelegationTokenRequest { FederatedIdentity = executingUser.GetFederatedIdentity(), EmailAddress = text.ToString(), Target = organizationRelationship.GetTokenTarget(), Offer = Offer.MailboxSearch }; }
public static AutoDiscoverUserSettingsClient CreateInstance(ITopologyConfigurationSession topologyConfigurationSession, FedOrgCredentials credentials, SmtpAddress identity, Uri autoDiscoveryEndpoint, string[] requestedSettings) { Util.ThrowOnNullArgument(credentials, "credentials"); RequestedToken token; try { token = credentials.GetToken(); } catch (WSTrustException ex) { string text = identity.ToString(); string text2 = ex.ToString(); StorageGlobals.EventLogger.LogEvent(StorageEventLogConstants.Tuple_AutoDiscoverFailedToAquireSecurityToken, text, new object[] { text, text2 }); ExTraceGlobals.XtcTracer.TraceError <string, string>(0L, "AutoDiscover request failed for {0}, failed to aquire security token. Exception: {1}.", text, text2); throw new AutoDAccessException(ServerStrings.AutoDFailedToGetToken, ex); } return(new AutoDiscoverUserSettingsClient(topologyConfigurationSession, SoapHttpClientAuthenticator.Create(token), EwsWsSecurityUrl.Fix(autoDiscoveryEndpoint), identity, requestedSettings)); }